Total
14585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50832 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | |||||
| CVE-2024-50831 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | |||||
| CVE-2024-50830 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. | |||||
| CVE-2024-50829 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. | |||||
| CVE-2024-50828 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. | |||||
| CVE-2024-50827 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. | |||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2024-11124 | 1 Timgeyssens | 1 Ui-o-matic | 2024-11-15 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11127 | 1 Anisha | 1 Job Recruitment | 2024-11-15 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51882 | 1 Ehues | 1 Gboy Custom Google Map | 2024-11-15 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ehues Gboy Custom Google Map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through 1.2. | |||||
| CVE-2024-9465 | 1 Paloaltonetworks | 1 Expedition | 2024-11-15 | N/A | 9.1 CRITICAL |
| An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. | |||||
| CVE-2024-39368 | 2024-11-15 | N/A | 8.0 HIGH | ||
| Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-11016 | 1 Vice | 1 Webopac | 2024-11-14 | N/A | 9.8 CRITICAL |
| Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-47331 | 1 Ninjateam | 1 Multi Step For Contact Form 7 | 2024-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | |||||
| CVE-2024-11076 | 1 Anisha | 1 Job Recruitment | 2024-11-14 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11074 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-11-14 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "inccat" to be affected. But it must be assumed "desc", "date", and "amount" are affected as well. | |||||
| CVE-2024-11077 | 1 Anisha | 1 Job Recruitment | 2024-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51843 | 1 Olland | 1 Horsemanager | 2024-11-14 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through 1.3. | |||||
| CVE-2024-51837 | 1 Andsonsdesign | 1 Wp-contest | 2024-11-14 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.This issue affects WP Contest: from n/a through 1.0.0. | |||||
| CVE-2024-51820 | 1 Lsquared | 1 L Squared Hub | 2024-11-14 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection.This issue affects L Squared Hub WP: from n/a through 1.0. | |||||